Under spy site attack (?)

In ZoneAlarm Security Suite 7.0.483, since I could not get any of the newer versions (v8 and Extreme) to work

OK,

While testing a site which had sent spam / scam to a friend, ZoneAlarm blocked an attempt to install a spy program or whatever. In the system tray alert I got a fast message telling me that. The message was so fast that I could hardly read it anyway. The spy site blocking alerts logged the site twice and I got the corresponding IP via the lookup facility of ZA at the Firewall/Zones section. The IP returned by the lookup is 195.78.228.204. I set this IP in the blocked zone.

I ran the ZASS spyware and antivirus facilities and got nothing (everything apparently clean). Then I ran tfsbl.exe (rootkit detector and eraser): nothing found; everything clean. In the meantime ProcessGuard was also running, which, supposedly, prevents any installation of rootkits and drivers and also prevents any modification of any program. I finally ran sfc /scannow to restore the original XP-SP3 Windows protected files.

But today, I discovered in the ZASS Alerts & Logs / Log Viewer several attempts by Firefox, Outlook and Mantispm.exe to make outgoing connections to the IP 195.78.228.204:53, blocked by ZASS. Since I clean the logs every 48 hours, I could only discover attempts from yesterday (May 27) and today (May 28). Thirty (30) attempts in total.

This time I also put the IPs in my hardware firewall (router).

Again, I ran the ZA Spyware today and nothing was detected.

Moreover, right now the ZASS spy blocker has logged another two attempts on my system from two different-named sites, but with the same IP (89.17.220.221). Again, I have put both names and IPs in the ZA blocked zone and in the hardware firewall (router).

After this, I downloaded the Trojan Hunter trial version. Trojan Hunter has detected several versions of (Agent.2008) in different locations, which might be false positives (?). The THunter report was:

How many of these are known to be false positives in TH, since ZASS does not detect them?

So, my questions are:

What could be going on?

Any free trojan cleaner?

By the way, I am still on ZASS v7 since I could not upgrade to Extreme even though I have 150 days of extended download left. As soon as I try to upgrade, my system freezes, and I have tried more than twenty times with both version 8 and v8 Extreme. And I followed everything advised in the forum, but no way. Is there anything new to let me upgrade?

(Sorry for so many edits. I did not want to lose the connection, and I have sent the message several times while trying to explain the situation as clearly as possible. I beg your pardon.)

Re: Under spy site attack (?)

Hi,

After my first post above I have been following the issue and got something which seems rare (to me).

The program alerts have logged several outgoing attempts as follows:

ZLClient has been blocked from connecting to 209.85.229.100:53 (This is what puzzles me most)
Iexplore has been blocked from connecting to 209.85.229.100:80
Firefox has been blocked from connecting to 209.85.227.113:53
Firefox has been blocked from connecting to 209.85.229.100:53

Any help will be really welcome

Ems

Adding more info: I have reviewed the log file of May 26 and found several (outgoing) connection attempts to 195.78.228.204, the spying site supposedly intercepted by ZASS. These outgoing connections were blocked without any intervention on my part, which seems to mean that ZASS took care of the event from the beginning and recorded the offending IP, and now it is blocking the connections to it (in any case the hardware firewall is also alert. Good). But it tells me that the nasty thing is in my computer and neither the antivirus nor the antispyware can detect it.